Cybersecurity Statement of Guidance for Regulated Entities

Weekly insights from CIMA’s Cybersecurity Guidance

Insight #16 | CIMA Rules and Statement of Guidance are a reality. Is your organisation ready?

Cybersecurity remains a top priority for organisations, and regulated entities operating in the Cayman Islands face additional regulatory scrutiny. Meeting the various requirements of the CIMA Statement of Guidance can seem daunting.

Here are some key questions your organisation should be asking about its cybersecurity programme:

  1. How does our cybersecurity programme align to industry standards and the CIMA Statement of Guidance requirements?
  2. Can we rapidly contain damage and mobilise response resources when a cyber incident occurs? How is our cyber incident response plan tailored to the risks specific to our organisation?
  3. How do we evaluate the effectiveness of our organisation’s cybersecurity programme?
  4. Have we established an appropriate cyber risk escalation framework that includes our risk appetite and reporting thresholds?
  5. Do we demonstrate due diligence, ownership, and effective management of cyber risk?
  6. How do our awareness programmes create a cyber-focused mindset and cyber-conscious culture enterprise wide?
  7. How exposed are we to new threats and vulnerabilities, and how well protected are we against them?
  8. Do we have the right leadership and talent to address cyber risks? Who is leading key cyber initiatives in our organisation?
  9. What have we done to protect the organisation against third-party cyber risks? 
  10. Are the Board and senior management involved in the cybersecurity programme?

How can Deloitte help? 

Deloitte Risk Advisory offers specific expertise in cyber services, data privacy, governance, regulatory, and compliance to help your organisation navigate the new Statement of Guidance requirements and gain a competitive advantage. 

Here are some of our services to help you comply with the CIMA Statement of Guidance:

  • CIMA Statement of Guidance Readiness Assessment;
  • IT and Cybersecurity Policies and Procedures Development;
  • Cyber Training, Education and Awareness;
  • Cyber Risk Assessment;
  • Cyber Incident Response;
  • Data Privacy and Protection;
  • Vulnerability Assessment and Penetration Testing; and
  • Managed Security Services. 